The General Data Protection Regulation (EU) 2016/679 (the GDPR) will directly apply in EU Member States from 25 May 2018 and will govern how organisations use personal data and increase the protection of individual’s privacy. There will also be a new UK Act to replace the Data Protection Act 1998. Does it apply to clubs? Clubs will be “controllers” of personal data (for example, name, address, date of birth) that they collect, store, use, share and delete (this is known as “processing” of personal data). Clubs will process personal data of their members, parents, volunteers, committee members, etc. The GDPR will apply to clubs, regardless of size. The GDPR will even apply to clubs which are not incorporated (for example, as a company) as they will still process personal data, whether or not this is shared with anyone outside the club.